Carl Smith

@rwx.page

Security @Google, Personal Account.

Joined 28.06.2023

Latest posts by Carl Smith @rwx.page

Congratulations to Carl Smith from the V8 Security team on joining the Black Hat USA review board as a guest reviewer. He is willing to share, open-minded, and a hardcore researcher and developer.

@rwx.page

20.02.2025 14:12 👍 2 🔁 1 💬 0 📌 0

Unfortunately not, we are planning on sharing more details in form of talks in the future though.

05.02.2025 15:53 👍 1 🔁 0 💬 0 📌 0

And make sure to update to the latest Swift version too!

04.02.2025 19:35 👍 1 🔁 0 💬 0 📌 0

Some slides discussing some of this work can be found here:
https://powerofcommunity.net/poc2024/Carl%20Smith,%20Fuzzing%20for%20complex%20bugs%20across%20languages%20in%20JavaScript%20Engines.pdf

04.02.2025 19:35 👍 3 🔁 0 💬 2 📌 0

I'm very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!

04.02.2025 19:34 👍 31 🔁 16 💬 1 📌 1

Another big step towards becoming a security boundary: today we're expanding the VRP for the V8 Sandbox

* No longer limited to d8

* Rewards for controlled writes increased to $20k

* Any memory corruption outside the sandbox is now in scope

bughunters.google.com/about/rules/...

Happy hacking!

13.11.2024 18:05 👍 28 🔁 10 💬 1 📌 0

Finally got around to publishing the slides of my talk @offensivecon.bsky.social from ~two weeks ago. Sorry for the delay!

The V8 Heap Sandbox: saelo.github.io/presentation...

Fantastic conference, as usual! :)

22.05.2024 19:01 👍 4 🔁 5 💬 0 📌 1

Here's another V8 sandbox design document, this time discussing how sensitive ("trusted") V8-internal objects (such as BytecodeArrays) can be protected: docs.google.com/document/d/1...
This should be one of the last pieces of infrastructure required for the sandbox.

20.10.2023 13:34 👍 7 🔁 2 💬 1 📌 0

One day, @rwx.page and me got bored and built a tiny command line game with 0 deps in 🦀.

`cargo install quarto`

It's not much but it's honest work :)
https://github.com/domenukk/quarto_rs

12.08.2023 00:34 👍 1 🔁 1 💬 0 📌 0